CVE-2024-0642 Inadequate access control in C21 Live Encoder and Live Mosaic

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management...

CVE-2024-0642

CVE-2024-0642 affects C21 Live Encoder and Live Mosaic (v5.3). Root cause: inadequate access control due to improper credential management, enabling a remote unauthenticated attacker to access the application as an administrator via the application endpoint. CVSS v3.1 base score 9.8 (CRITICAL) wi...

C21 Live encoder Access Control Error Vulnerability

Cires21 C21 Live encoder is a software for various encoding and transcoding needs from Cires21. An Access Control Error vulnerability exists in C21 Live Encoder and Live Mosaic version 5.3 that stems from a lack of proper credentials management, which allows an attacker to ask the application as ...

PT-2024-15712 · Unknown · C21 Live Encoder/Live Mosaic

Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic product version 5.3 Description: The issue allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise. This is due to an unrestricted upload of...

C21 Live encoder code issue vulnerability

Cires21 C21 Live encoder is a software from Cires21 for various encoding and transcoding needs. A code issue vulnerability exists in C21 Live Encoder and Live Mosaic version 5.3 that stems from the presence of an arbitrary file upload vulnerability...

PT-2024-15711 · Unknown · C21 Live Encoder/Live Mosaic

Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic version 5.3 Description: The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can b...

EulerOS 2.0 SP11 : libwebp (EulerOS-SA-2023-2653)

According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw an...

EulerOS Virtualization 2.9.1 : libwebp (EulerOS-SA-2023-2961)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to...

EulerOS Virtualization 3.0.6.6 : libwebp (EulerOS-SA-2023-3402)

According to the versions of the libwebp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to...

EulerOS 2.0 SP9 : flac (EulerOS-SA-2023-2893)

According to the versions of the flac package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Buffer Overflow vulnerability in function bitwritergrow in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the...

CVE-2023-51257

A flaw in jasper was discovered where an invalid memory write occurred due to the absence of a proper range check in the JPC encoder. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of...

Jasper Security Vulnerabilities

Jasper is a flexible and powerful GitHub issue reader open-sourced by Jasper. Jasper has a security vulnerability that stems from a lack of range checking in the JPC encoder, leading to invalid memory writes...

VulnCheck KEV: CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVE-2023-7070

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2023-7070

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

Cross site scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2023-7070 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2023-7070 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes...

WordPress Plugin Email Encoder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-15198 · WordPress · The Email Encoder – Protect Email Addresses/Phone Numbers

Name of the Vulnerable Software and Affected Versions: The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress versions up to, and including, 2.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's eeb mailto shortcode due to insufficient...